Navigating Global Regulations for SaMD
Dhaval Shah
EVP,
CitiusTech
Manan Shah
Sr Healthcare Consultant – II,
CitiusTech
July - 15
Article
Insights
- Software as a Medical Device (SaMD) is poised for rapid expansion within the MedTech sector. By 2028, its market value is projected to increase from $570 billion to $719 billion, according to Statista.
- SaMD plays a crucial role in healthcare optimization. It improves patient outcomes through real-time monitoring, streamlined workflows, regulatory adherence, remote patient care, and cutting-edge technologies like AI and ML.
- Regulatory frameworks for SaMD exist in both the US (FDA) and EU (MDR). These frameworks categorize devices based on risk levels and outline requirements for clinical evaluation, cybersecurity, and data protection under GDPR.
- Rigorous clinical evaluation is essential for SaMD development. It involves defining intended use, validating clinical and analytical performance, and ensuring data accuracy to guarantee safety, efficacy, and compliance.
Article:
As patients increasingly seek tailored medical care that aligns with their unique needs and preferences, digital-first software resources such as Software as a Medical Device (SaMD) have become the need of the hour. SaMD solutions collect and analyze individual patient data, equipping clinicians and patients with personalized insights.
A few examples of SaMD solutions include software that displays and processes medical images to detect tumors, software regulating an installed medical device, insulin dosage calculators and controllers for diabetic patients, and other similar solutions.
Statista[1] predicts that SaMD will be one of the fastest-growing categories in the MedTech sector, with the medical device software market expected to surge from its current value of $570 billion to $719 billion by 2028.
How SaMD improves the care delivery paradigm
In the context of evolving healthcare models that prioritize value-based care, SaMD plays a pivotal role in optimizing outcomes, reducing unnecessary interventions and enhancing resource allocation. It also facilitates precision medicine by rapidly analyzing extensive datasets to inform targeted treatments. As the healthcare landscape continues to evolve, SaMD stands as a vital pillar in delivering the personalized care that patients increasingly demand. Here’s how:
- Improved patient care: Customized health tech software enables real-time patient monitoring, accurate diagnoses and effective treatment plans, ultimately enhancing patient outcomes.
- Operational efficiency: Medical software automates tasks and streamlines workflows, freeing up staff time to focus on patient care.
- Ensuring regulatory compliance and safety: Medical software must adhere to strict regulations, as noncompliance can result in substantial fines. Custom software can be tailored to meet these specific requirements, ensuring the safety of devices without financial repercussions.
- Facilitating remote patient care: Medical software facilitates remote patient care, enabling data-driven decision-making and providing a platform for telemedicine services.
- Advanced capabilities: Utilizing Artificial Intelligence (AI) and Machine Learning (ML), health tech software can support functionalities such as predictive analysis and personalized patient care. This is especially crucial given the challenges of legacy systems.
As the healthcare industry continues to embrace digital innovation, regulatory bodies worldwide, including the U.S. FDA, European Medicine Agency (EMA) and other national authorities, have recognized the necessity of tailored regulations for SaMD.
U.S. Regulations
Under FDA regulations, SaMD is categorized into three classes based on its intended use and potential risks to patients and users: Class I (low risk), Class II (moderate risk) and Class III (high risk).
Content of Premarket Submissions for Device Software Functions (Jun 2023 – Final): A significant change from the 2005 guidance document is the shift from categorizing documentation requirements as low, moderate and major levels of concern to Basic and Enhanced levels. Basic is any premarket submission that includes device software function(s) while Enhanced includes function(s) where failures or flaws could present a hazardous situation.
Marketing Submission Recommendations for a Predetermined Change Control Plan (Apr 2023 – Draft): Manufacturers can submit a predetermined change control plan related to SaMD pre-specifications or ML algorithms without requiring additional submissions for premarket evaluation.
Action Plan for AI/ML-based SaMD (Jan 2021 – Draft): This action plan outlines the draft guidance issued on a predetermined change control plan, harmonizing ML best practices to better evaluate and improve ML algorithms, drive device transparency, support regulatory sciences and advance real-world performance monitoring measures.
EU Regulations
The EU Medical Device Regulation (MDR) classifies medical devices based on their application and risk level into four classes: Class I (low risk), Class IIa (moderately low risk), Class IIb (moderately high risk) and Class III (high risk).
Guidance on clinical evaluation/performance evaluation of medical device software (Mar 2020): This guidance outlines the evaluation criteria for medical device software (MDSW) by assessing the benefit-risk ratio, demonstrating clinical association and scientific validity, validating technical and analytical performance, and ensuring clinical performance aligns with patient needs.
Cybersecurity guidance (Dec 2019): This guidance ensures that devices on the EU market are prepared for any new cybersecurity challenges. It mandates manufacturers develop and deliver products considering risk management, including information security, and establishes minimum requirements for IT security measures to protect against unauthorized access.
GDPR (May 2018): GDPR includes personal data processed by SaMDs when used in healthcare services or medical treatments. Key areas covered include data protection principles, lawful routes for processing personal data, data subject rights, data breach notification, and privacy through design and impact assessment.
These regulations and guidance documents aim to ensure the safety, efficacy and data protection standards of medical device software. The following section is a route map to navigate these regulatory guidelines.
Clinical Evaluation for SaMD
A thorough assessment of the performance of SaMD is critical to patient safety and regulatory compliance. This evaluation ascertains whether the software can consistently deliver accurate diagnoses, treatment recommendations and other valuable medical insights.
The clinical evaluation of SaMD typically encompasses the following key stages:
- Planning: Establishing a clear Intended Use statement is imperative to define how the SaMD will be used.
- Valid clinical association: This step involves verifying whether the SaMD’s targeted clinical condition is directly linked to the device’s output and if it caters to a clinically meaningful use case for the intended patient population.
- Analytical validity: This ensures that the SaMD processes input data as intended. This stage may include verification and validation activities, adherence to sound software engineering practices or drawing from previously collected evidence data.
- Clinical validity: This phase aims to guarantee that the SaMD’s output data is precise and provides the necessary assurance of safety, performance and effectiveness, aligning with the manufacturer’s intended purpose.
The above steps within the clinical evaluation process are critical in evaluating the SaMD’s reliability and ability to positively contribute to patient care and clinical decision-making.
However, when a manufacturer opts to utilize clinical experience data, any data reports or compilations must contain enough information to facilitate a rational and objective assessment. This assessment should lead to conclusions regarding the significance of the data concerning the safety, clinical performance and/or effectiveness of the device. Information based solely on anecdotal reports or opinions without sufficient data support should not be employed.
To aid in this evaluation, it can be beneficial to create a summary table detailing device-related adverse events, particularly focusing on serious adverse events. Additionally, comments should be included regarding whether these observed device-related adverse events can be predicted based on the device’s mode of action. If any hazards are identified that were not previously considered in the risk management documentation, steps must be taken to address them. This may involve implementing additional mitigation measures, such as design modifications or changes to labeling.